244 lines
6.2 KiB
Go
244 lines
6.2 KiB
Go
|
// Copyright 2011 The Go Authors. All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style
|
||
|
// license that can be found in the LICENSE file.
|
||
|
|
||
|
package ssh_test
|
||
|
|
||
|
import (
|
||
|
"bytes"
|
||
|
"fmt"
|
||
|
"io/ioutil"
|
||
|
"log"
|
||
|
"net"
|
||
|
"net/http"
|
||
|
|
||
|
"golang.org/x/crypto/ssh"
|
||
|
"golang.org/x/crypto/ssh/terminal"
|
||
|
)
|
||
|
|
||
|
func ExampleNewServerConn() {
|
||
|
// An SSH server is represented by a ServerConfig, which holds
|
||
|
// certificate details and handles authentication of ServerConns.
|
||
|
config := &ssh.ServerConfig{
|
||
|
PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
|
||
|
// Should use constant-time compare (or better, salt+hash) in
|
||
|
// a production setting.
|
||
|
if c.User() == "testuser" && string(pass) == "tiger" {
|
||
|
return nil, nil
|
||
|
}
|
||
|
return nil, fmt.Errorf("password rejected for %q", c.User())
|
||
|
},
|
||
|
}
|
||
|
|
||
|
privateBytes, err := ioutil.ReadFile("id_rsa")
|
||
|
if err != nil {
|
||
|
panic("Failed to load private key")
|
||
|
}
|
||
|
|
||
|
private, err := ssh.ParsePrivateKey(privateBytes)
|
||
|
if err != nil {
|
||
|
panic("Failed to parse private key")
|
||
|
}
|
||
|
|
||
|
config.AddHostKey(private)
|
||
|
|
||
|
// Once a ServerConfig has been configured, connections can be
|
||
|
// accepted.
|
||
|
listener, err := net.Listen("tcp", "0.0.0.0:2022")
|
||
|
if err != nil {
|
||
|
panic("failed to listen for connection")
|
||
|
}
|
||
|
nConn, err := listener.Accept()
|
||
|
if err != nil {
|
||
|
panic("failed to accept incoming connection")
|
||
|
}
|
||
|
|
||
|
// Before use, a handshake must be performed on the incoming
|
||
|
// net.Conn.
|
||
|
_, chans, reqs, err := ssh.NewServerConn(nConn, config)
|
||
|
if err != nil {
|
||
|
panic("failed to handshake")
|
||
|
}
|
||
|
// The incoming Request channel must be serviced.
|
||
|
go ssh.DiscardRequests(reqs)
|
||
|
|
||
|
// Service the incoming Channel channel.
|
||
|
for newChannel := range chans {
|
||
|
// Channels have a type, depending on the application level
|
||
|
// protocol intended. In the case of a shell, the type is
|
||
|
// "session" and ServerShell may be used to present a simple
|
||
|
// terminal interface.
|
||
|
if newChannel.ChannelType() != "session" {
|
||
|
newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
|
||
|
continue
|
||
|
}
|
||
|
channel, requests, err := newChannel.Accept()
|
||
|
if err != nil {
|
||
|
panic("could not accept channel.")
|
||
|
}
|
||
|
|
||
|
// Sessions have out-of-band requests such as "shell",
|
||
|
// "pty-req" and "env". Here we handle only the
|
||
|
// "shell" request.
|
||
|
go func(in <-chan *ssh.Request) {
|
||
|
for req := range in {
|
||
|
ok := false
|
||
|
switch req.Type {
|
||
|
case "shell":
|
||
|
ok = true
|
||
|
if len(req.Payload) > 0 {
|
||
|
// We don't accept any
|
||
|
// commands, only the
|
||
|
// default shell.
|
||
|
ok = false
|
||
|
}
|
||
|
}
|
||
|
req.Reply(ok, nil)
|
||
|
}
|
||
|
}(requests)
|
||
|
|
||
|
term := terminal.NewTerminal(channel, "> ")
|
||
|
|
||
|
go func() {
|
||
|
defer channel.Close()
|
||
|
for {
|
||
|
line, err := term.ReadLine()
|
||
|
if err != nil {
|
||
|
break
|
||
|
}
|
||
|
fmt.Println(line)
|
||
|
}
|
||
|
}()
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func ExampleDial() {
|
||
|
// An SSH client is represented with a ClientConn.
|
||
|
//
|
||
|
// To authenticate with the remote server you must pass at least one
|
||
|
// implementation of AuthMethod via the Auth field in ClientConfig.
|
||
|
config := &ssh.ClientConfig{
|
||
|
User: "username",
|
||
|
Auth: []ssh.AuthMethod{
|
||
|
ssh.Password("yourpassword"),
|
||
|
},
|
||
|
}
|
||
|
client, err := ssh.Dial("tcp", "yourserver.com:22", config)
|
||
|
if err != nil {
|
||
|
panic("Failed to dial: " + err.Error())
|
||
|
}
|
||
|
|
||
|
// Each ClientConn can support multiple interactive sessions,
|
||
|
// represented by a Session.
|
||
|
session, err := client.NewSession()
|
||
|
if err != nil {
|
||
|
panic("Failed to create session: " + err.Error())
|
||
|
}
|
||
|
defer session.Close()
|
||
|
|
||
|
// Once a Session is created, you can execute a single command on
|
||
|
// the remote side using the Run method.
|
||
|
var b bytes.Buffer
|
||
|
session.Stdout = &b
|
||
|
if err := session.Run("/usr/bin/whoami"); err != nil {
|
||
|
panic("Failed to run: " + err.Error())
|
||
|
}
|
||
|
fmt.Println(b.String())
|
||
|
}
|
||
|
|
||
|
func ExamplePublicKeys() {
|
||
|
// A public key may be used to authenticate against the remote
|
||
|
// server by using an unencrypted PEM-encoded private key file.
|
||
|
//
|
||
|
// If you have an encrypted private key, the crypto/x509 package
|
||
|
// can be used to decrypt it.
|
||
|
key, err := ioutil.ReadFile("/home/user/.ssh/id_rsa")
|
||
|
if err != nil {
|
||
|
log.Fatalf("unable to read private key: %v", err)
|
||
|
}
|
||
|
|
||
|
// Create the Signer for this private key.
|
||
|
signer, err := ssh.ParsePrivateKey(key)
|
||
|
if err != nil {
|
||
|
log.Fatalf("unable to parse private key: %v", err)
|
||
|
}
|
||
|
|
||
|
config := &ssh.ClientConfig{
|
||
|
User: "user",
|
||
|
Auth: []ssh.AuthMethod{
|
||
|
// Use the PublicKeys method for remote authentication.
|
||
|
ssh.PublicKeys(signer),
|
||
|
},
|
||
|
}
|
||
|
|
||
|
// Connect to the remote server and perform the SSH handshake.
|
||
|
client, err := ssh.Dial("tcp", "host.com:22", config)
|
||
|
if err != nil {
|
||
|
log.Fatalf("unable to connect: %v", err)
|
||
|
}
|
||
|
defer client.Close()
|
||
|
}
|
||
|
|
||
|
func ExampleClient_Listen() {
|
||
|
config := &ssh.ClientConfig{
|
||
|
User: "username",
|
||
|
Auth: []ssh.AuthMethod{
|
||
|
ssh.Password("password"),
|
||
|
},
|
||
|
}
|
||
|
// Dial your ssh server.
|
||
|
conn, err := ssh.Dial("tcp", "localhost:22", config)
|
||
|
if err != nil {
|
||
|
log.Fatalf("unable to connect: %s", err)
|
||
|
}
|
||
|
defer conn.Close()
|
||
|
|
||
|
// Request the remote side to open port 8080 on all interfaces.
|
||
|
l, err := conn.Listen("tcp", "0.0.0.0:8080")
|
||
|
if err != nil {
|
||
|
log.Fatalf("unable to register tcp forward: %v", err)
|
||
|
}
|
||
|
defer l.Close()
|
||
|
|
||
|
// Serve HTTP with your SSH server acting as a reverse proxy.
|
||
|
http.Serve(l, http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
|
||
|
fmt.Fprintf(resp, "Hello world!\n")
|
||
|
}))
|
||
|
}
|
||
|
|
||
|
func ExampleSession_RequestPty() {
|
||
|
// Create client config
|
||
|
config := &ssh.ClientConfig{
|
||
|
User: "username",
|
||
|
Auth: []ssh.AuthMethod{
|
||
|
ssh.Password("password"),
|
||
|
},
|
||
|
}
|
||
|
// Connect to ssh server
|
||
|
conn, err := ssh.Dial("tcp", "localhost:22", config)
|
||
|
if err != nil {
|
||
|
log.Fatalf("unable to connect: %s", err)
|
||
|
}
|
||
|
defer conn.Close()
|
||
|
// Create a session
|
||
|
session, err := conn.NewSession()
|
||
|
if err != nil {
|
||
|
log.Fatalf("unable to create session: %s", err)
|
||
|
}
|
||
|
defer session.Close()
|
||
|
// Set up terminal modes
|
||
|
modes := ssh.TerminalModes{
|
||
|
ssh.ECHO: 0, // disable echoing
|
||
|
ssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud
|
||
|
ssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud
|
||
|
}
|
||
|
// Request pseudo terminal
|
||
|
if err := session.RequestPty("xterm", 80, 40, modes); err != nil {
|
||
|
log.Fatalf("request for pseudo terminal failed: %s", err)
|
||
|
}
|
||
|
// Start remote shell
|
||
|
if err := session.Shell(); err != nil {
|
||
|
log.Fatalf("failed to start shell: %s", err)
|
||
|
}
|
||
|
}
|